LnRBAC: A Multiple-Levelled Role-Based Access Control Model for Protecting Privacy in Object-Oriented Systems
Shih-Chien Chou, Department of Computer Science and Information Engineering, National Dong Hwa University, Taiwan
REFEREED ARTICLE

Abstract
Role-based access control (RBAC) is useful in information security.
It is a superset of discretionary access control (DAC) and mandatory
access control (MAC). Since DAC and MAC are useful in information flow
control (which protects privacy within an application), RBAC can certainly
be used for that control as well. Our research reveals that different control
granularity is needed in different cases when controlling information
flows within an application. An information flow control model should
thus simultaneously offer different levels of control granularity.
We designed a multiple-leveled RBAC model to offer multiple levels
of control granularity, in which each level of RBAC controls one level of
granularity. We called the model LnRBAC (n-leveled RBAC), which offers
the following features: (1) it allows different control granularity
in different cases, (2) it solves the covert channel problems caused
by abnormal program stopping, (3) it adapts to dynamic object state
change, (4) it controls method invocation through argument sensitivity,
(5) it allows purpose-oriented method invocation, (6) it controls write
access precisely, and (7) it avoids Trojan horses. We implemented a
prototype for LnRBAC and evaluated it. This paper presents LnRBAC.
Note: Due to the typographical sophistication of this article, no HTML
version is available. Please use the PDF version.
About the author

Shih-Chien Chou received a Ph.D. degree
from the Department of Computer Science and Information Engineering,
National Chiao Tung University, Hsinchu, Taiwan. He is currently
an associate professor in the Department of Computer Science and
Information Engineering, National Dong Hwa University, Hualien,
Taiwan. His research interests include software engineering, process
environment, software reuse, and information flow control. He can
be contacted through the e-mail address scchou@mail.ndhu.edu.tw.
Cite this article as follows: Shih-Chien Chou: “LnRBAC: A Multiple-Levelled
Role-Based Access Control Model for Protecting Privacy in Object-Oriented
Systems”, in Journal of Object Technology, vol. 3, no. 3,
March-April 2004, pp. 91-120. http://www.jot.fm/issues/issue_2004_03/article2